Preparing for GDPR with Automate

The General Data Protection Regulation (GDPR) emphasises transparency, security and accountability on the part of data controllers and processors, while at the same time standardising and strengthening the data-privacy rights of individuals in the EU.

Data Controller – the individual or organisation that determines the purposes and means of processing personal data, i.e. decides why and how data is collected, stored and processed.

Data Processor – the individual or organisation that processes personal data on behalf of a data controller (collecting, altering, transferring, using, storing, etc.).

The GDPR gives data protection authorities more robust powers to tackle non-compliance, including significant administrative fining capabilities of up to €20,000,000 (or 4% of total annual global turnover, whichever is greater) for the most serious infringements.

The GDPR also makes it considerably easier for individuals to bring private claims against companies when their data privacy has been infringed and allows data subjects who have suffered non-material damage as a result of an infringement to sue for compensation.

Rights for individuals under the GDPR include:

  • Subject Access
  • To have inaccuracies corrected
  • To have information erased
  • To object to direct marketing
  • To restrict the processing of their information, including automated decision-making
  • Data portability

Every organisation is accountable for the personal data it holds and for ensuring that this data is kept secure.

What is GDPR ?

Accountability is at the centre of all this: of getting it right today, getting it right in May 2018, and getting it right beyond that.

72 Hours

Controllers must notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Details that are not yet available at the time of the initial report may be supplied in phases.

7 Rights

Core rights afforded to individuals under the GDPR, including the right to be told promptly of a breach that puts them at high risk, the requirement for explicit consent, the right to erasure, and others.

4 Percent

Fines fall into two tiers: up to 2% of global annual turnover (or €10,000,000) for lesser infringements, and up to 4% (or €20,000,000) for the most serious, whichever is the greater.

150 Requirements

GDPR requirements span governance, policies, processes and technology; no single control or product satisfies them on its own.

Step towards GDPR Compliance with Automate

FAQ

Does GDPR Apply to Us ?

A common misconception is that because you do not hold data on, or transact with, members of the public, you hold no personal data. In practice almost every business holds data on its own staff; that data is personal data and must be protected in the same way.

What do we need to do ?

There is no one-size-fits-all solution for GDPR compliance; the measures required depend on what data your organisation holds and how it is processed. The first step is a GDPR readiness audit, after which our security team can advise you on what comes next and the scope of work that needs to be completed.

Whats the difference between a data controller and a data processor ?

Data Controller – the individual or organisation that determines the purposes and means of processing personal data, i.e. decides why and how data is collected, stored and processed.

Data Processor – the individual or organisation that processes personal data on behalf of a data controller (collecting, altering, transferring, using, storing, etc.).

When did GDPR come into effect?

Political agreement on the final text of the GDPR was announced in December 2015. Following adoption by the EU Parliament, the regulation became enforceable on 25 May 2018, the date by which organisations had to be compliant.

Is this a once off or is there an ongoing requirement ?

Compliance is an ongoing obligation, not a one-off exercise. The regulation does not define a single point in time at which a business must be compliant; it sets out the terms under which organisations must remain compliant for as long as they process personal data. It also applies to personal data already held, not just data collected after the regulation took effect.

What if I don't store any personal data ?

A common misconception among business-to-business organisations is that they hold no personal information. Organisations must also consider the internal data they hold on employees; that data falls within the personal data classification and must be protected accordingly.

How do we minimise our exposure ?

The GDPR relaxes some obligations when appropriate security controls are in place within the organisation.

For example, a breached organisation that has rendered the affected data unintelligible (typically through encryption) to anyone not authorised to access it is not required to communicate the breach to the affected individuals (Article 34(3)(a)). Two caveats apply: the exemption only holds if the encryption key was not itself exposed in the breach, and the separate duty to notify the supervisory authority within 72 hours (Article 33) still applies unless the breach is unlikely to result in a risk to individuals.

The likelihood and size of a fine are also reduced if the organisation can demonstrate that a "secure breach" has taken place, i.e. that the data taken was protected in this way.
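As an added illustration of the control the paragraph above relies on, not code from the original page or from Automate, the Go program below encrypts each field of a personal-data record with AES-256-GCM so that a leaked copy of the store is unintelligible without the key, and so that any tampering with the stored blobs is detected instead of yielding altered plaintext. The employee record, the on-disk layout (nonce || ciphertext || tag per field) and the key handling are constructed for the example; in a real deployment the key lives in a KMS or HSM and is never stored beside the data, since an exposed key voids the exemption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Added example (not from the original page): field-level encryption of a
// personal-data record with AES-256-GCM. Record contents, blob layout and key
// handling are constructed for illustration.

// NewKey draws a fresh 256-bit key. In production this comes from a KMS/HSM
// and is never stored alongside the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// EncryptField seals one plaintext field. The returned blob is
// nonce || ciphertext || tag, so a stored value needs nothing but the key.
func EncryptField(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag to the nonce, giving one blob to store.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptField reverses EncryptField. The wrong key, or any modification of
// the blob, makes Open return an error rather than garbage plaintext.
func DecryptField(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// EncryptRecord encrypts every value in a record; field names stay in the
// clear so the store can still be addressed by column.
func EncryptRecord(key []byte, record map[string]string) (map[string][]byte, error) {
	out := make(map[string][]byte, len(record))
	for field, value := range record {
		blob, err := EncryptField(key, []byte(value))
		if err != nil {
			return nil, err
		}
		out[field] = blob
	}
	return out, nil
}

// DecryptRecord decrypts every field, failing on the first field that does not
// authenticate so a partially tampered record is never returned.
func DecryptRecord(key []byte, enc map[string][]byte) (map[string]string, error) {
	out := make(map[string]string, len(enc))
	for field, blob := range enc {
		pt, err := DecryptField(key, blob)
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", field, err)
		}
		out[field] = string(pt)
	}
	return out, nil
}

func main() {
	key, _ := NewKey()
	// Constructed sample of the employee data the FAQ above refers to.
	employee := map[string]string{
		"name":  "A. Example",
		"email": "a.example@example.invalid",
		"iban":  "GB00TEST00000000000000",
	}
	enc, _ := EncryptRecord(key, employee)
	fmt.Printf("stored email field: %s\n", hex.EncodeToString(enc["email"]))

	// A leaked copy of the store is unintelligible under any other key ...
	wrongKey, _ := NewKey()
	if _, err := DecryptRecord(wrongKey, enc); err != nil {
		fmt.Println("wrong key:", err)
	}
	// ... and a modified blob is rejected instead of decrypting to altered data.
	enc["email"][len(enc["email"])-1] ^= 0x01
	if _, err := DecryptRecord(key, enc); err != nil {
		fmt.Println("tampered:", err)
	}
}
```

Whether a given breach is a "secure breach" depends on where the key was: if the attacker took the database and the key material together, the data was not unintelligible to them and the Article 34(3)(a) exemption does not apply.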